Hacker News

atanasi today at 2:29 PM

If the app wants to take advantage of mandatory hardware attestation, it has to require Android 13 or later. This would undermine somewhat the promise that the app supports a wide range of devices. Even banks don't currently enforce Android 13+.


Replies

jeroenhd today at 2:39 PM

The reference wallet uses a minimum API level 29 (https://github.com/eu-digital-identity-wallet/av-app-android...)

Although, hardware attestation should be available for Android 8+. Only older Android versions can be spoofed.

You can still get strong integrity, but [as the docs state](https://developer.android.com/google/play/integrity/verdicts):

> On Android 12 and lower, the MEETS_STRONG_INTEGRITY verdict only requires hardware-backed proof of boot integrity and does not require the device to have a recent security update. Therefore, when using the MEETS_STRONG_INTEGRITY, it is recommended to also take into account the Android SDK version in the deviceAttributes field.
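
An added example, not part of either comment above and not code from the reference wallet: a server-side policy check that follows the quoted recommendation by reading the SDK version alongside `MEETS_STRONG_INTEGRITY`. It assumes the integrity token has already been decrypted and verified and that the payload uses the `deviceIntegrity`, `deviceRecognitionVerdict` and `deviceAttributes.sdkVersion` fields; the function name, tier names and sample payloads are constructed for illustration.

```python
# Added example: policy over an already decrypted and verified Play Integrity verdict.
# Tier names and sample payloads are hypothetical/constructed.

ANDROID_13_API = 33  # Android 12L is API 32, so "Android 12 and lower" is sdkVersion <= 32


def classify_device(verdict: dict) -> str:
    """Map the deviceIntegrity part of a decoded verdict to a policy tier."""
    device = verdict.get("deviceIntegrity") or {}
    labels = set(device.get("deviceRecognitionVerdict") or [])
    if "MEETS_STRONG_INTEGRITY" not in labels:
        return "not_strong"

    sdk = (device.get("deviceAttributes") or {}).get("sdkVersion")
    # Fail closed if the SDK version is missing or not a plain integer.
    if not isinstance(sdk, int) or isinstance(sdk, bool):
        return "strong_sdk_unknown"

    if sdk >= ANDROID_13_API:
        return "strong"
    # On Android 12 and lower the label only proves hardware-backed boot
    # integrity; it says nothing about how recent the security patch is.
    return "strong_boot_only"


# Constructed sample payloads (not captured from real devices).
SAMPLES = {
    "android14": {"deviceIntegrity": {
        "deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"],
        "deviceAttributes": {"sdkVersion": 34}}},
    "android10": {"deviceIntegrity": {
        "deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"],
        "deviceAttributes": {"sdkVersion": 29}}},
    "no_attributes": {"deviceIntegrity": {
        "deviceRecognitionVerdict": ["MEETS_STRONG_INTEGRITY"]}},
    "device_only": {"deviceIntegrity": {
        "deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"],
        "deviceAttributes": {"sdkVersion": 34}}},
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name}: {classify_device(payload)}")
```

A relying party that keeps a low minimum API level can route the `strong_boot_only` and `strong_sdk_unknown` tiers to whatever extra checks its own policy requires.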